From: Radoslaw Zarzynski Date: Thu, 21 Feb 2019 00:26:25 +0000 (+0100) Subject: msg/async, v2: handle msg authentication failures. X-Git-Tag: v14.1.1~157^2~4 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2c2867ad27b80d25fb4bde4d5906f7794411c109;p=ceph.git msg/async, v2: handle msg authentication failures. Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/msg/async/ProtocolV2.cc b/src/msg/async/ProtocolV2.cc
index 48c9aa00992b..59c6b1935146 100644
--- a/src/msg/async/ProtocolV2.cc
+++ b/src/msg/async/ProtocolV2.cc
@@ -55,7 +55,7 @@ void ProtocolV2::run_continuation(CtPtr continuation) {
 lderr(cct) << __func__ << " failed decoding of frame header: " << e << dendl;
 _fault();
- } catch (const SHA256SignatureError &e) {
+ } catch (const ceph::crypto::onwire::MsgAuthError &e) {
 lderr(cct) << __func__ << " " << e.what() << dendl;
 _fault();
 } catch (const DecryptionError &) {
@@ -1889,8 +1889,14 @@ CtPtr ProtocolV2::handle_message_complete() {
 data = session_stream_handlers.rx->authenticated_decrypt_update( std::move(data), segment_t::DEFAULT_ALIGNMENT);
 }
- session_stream_handlers.rx->authenticated_decrypt_update_final(
- std::move(extra), segment_t::DEFAULT_ALIGNMENT);
+ try {
+ session_stream_handlers.rx->authenticated_decrypt_update_final(
+ std::move(extra), segment_t::DEFAULT_ALIGNMENT);
+ } catch (ceph::crypto::onwire::MsgAuthError &e) {
+ ldout(cct, 5) << __func__ << " message authentication failed: "
+ << e.what() << dendl;
+ return _fault();
+ }
 }
 Message *message = decode_message(cct, messenger->crcflags, header, footer,
diff --git a/src/msg/async/crypto_onwire.cc b/src/msg/async/crypto_onwire.cc
index 0cd272eae4cd..0fa35cac4096 100644
--- a/src/msg/async/crypto_onwire.cc
+++ b/src/msg/async/crypto_onwire.cc
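Review bot: The `SHA256SignatureError` handler in run_continuation is replaced rather than extended, and this patch shows no change to any site that throws that type. If such a site remains and the type is unrelated to `MsgAuthError`, the exception would no longer reach the `_fault()` in this handler. Worth confirming the old type is gone from the tree, or keeping its handler until it is. A short comment above the new handler, e.g. `// integrity check failed on a received frame; treat the connection as faulted`, would document the intent. The try block itself starts outside the hunk.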
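Review bot: In handle_message_complete the new handler catches `ceph::crypto::onwire::MsgAuthError &e` by non-const reference and logs through `ldout(cct, 5)`, while the handler for the same type in run_continuation catches by `const &` and logs through `lderr`. A failed authentication check on a received message points to corruption or tampering, so it should be visible at the default log level; I would write `} catch (const ceph::crypto::onwire::MsgAuthError &e) {` and `lderr(cct) << __func__ << " message authentication failed: " << e.what() << dendl;`. Returning `_fault()` before `decode_message` is the right order, since the buffers produced by the earlier `authenticated_decrypt_update` calls are unverified at that point. The function starts and continues outside the hunk.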
@@ -269,7 +269,7 @@ ceph::bufferlist AES128GCM_OnWireRxHandler::authenticated_decrypt_update_final(
 << " plainbl.length()=" << plainbl.length() << " final_len=" << final_len << dendl;
- throw std::runtime_error("EVP_DecryptFinal_ex failed");
+ throw MsgAuthError();
 } else {
 ceph_assert_always(final_len == 0);
 ceph_assert_always(plainbl.length() + final_len + AESGCM_TAG_LEN == cnt_len);
diff --git a/src/msg/async/crypto_onwire.h b/src/msg/async/crypto_onwire.h
index 4917c3675225..bd682e8c71cd 100644
--- a/src/msg/async/crypto_onwire.h
+++ b/src/msg/async/crypto_onwire.h
@@ -39,6 +39,12 @@ class always_aligned_t {
 namespace ceph::crypto::onwire {
+struct MsgAuthError : public std::runtime_error {
+ MsgAuthError()
+ : runtime_error("message signature mismatch") {
+ }
+};
+
 struct TxHandler {
 virtual ~TxHandler() = default;
@@ -111,7 +117,6 @@ struct rxtx_t {
 bool crossed);
 };
-
 } // namespace ceph::crypto::onwire
 #endif // CEPH_CRYPTO_ONWIRE_H
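Review bot: `MsgAuthError` is declared without a doc comment and carries the fixed text "message signature mismatch", although the throw site this patch adds in crypto_onwire.cc is the AES-GCM final step, where the failure is an authentication tag mismatch rather than a signature check. I would add `/// Thrown when a received frame fails its integrity check (e.g. AES-GCM tag mismatch); data decrypted for that frame is unauthenticated and must not be used.` above the struct and word the message neutrally, e.g. `: runtime_error("message authentication failed") {`. The header's include list is outside the hunk, so confirm `<stdexcept>` is included directly rather than transitively.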